USN-2286-1: Linux kernel (Raring HWE) vulnerabilities

Ubuntu Security Notice USN-2286-1

linux-lts-raring vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux-lts-raring
- Linux hardware enablement kernel from Raring

Details

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)

Michael S. Tsirkin discovered an information leak in the Linux kernel's segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)

Salva Peiró discovered an information leak in the Linux kernel's media-device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739)

A bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3144)

A remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3145)

A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)

A flaw was discovered in the Linux kernel's implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)

Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608)

Update instructions

The problem can be corrected by updating your system to the following
package version:

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.